TL;DR
Researchers at Calif.io disclosed the Squidbleed vulnerability in the Squid web proxy, tracked as CVE-2026-47729. The bug leaks other users’ HTTP requests, including passwords and session tokens. Full technical details and proof-of-concept exploit code are now public. The flaw has lurked in Squid since 1997.
Why It Matters
Squid sits between many users and the internet. Therefore, one leaky proxy can expose a whole network’s traffic. The flaw hits shared setups hardest, such as offices, schools, and public Wi-Fi. In those places, the attacker is just another user on the same proxy. Moreover, the leaked bytes can include Authorization headers, cookies, and API keys. SUSE rates the issue moderate, with a CVSS score of 6.5. Still, cross-user credential theft on shared infrastructure carries real weight. Calif.io found the bug with help from an AI model, Claude Mythos Preview. This marks the firm’s second AI-assisted disclosure this month.
How the Attack Works
The Squidbleed vulnerability lives in Squid’s FTP directory-listing parser. That code dates back to a 1997 fix for NetWare servers. An attacker first points the proxy at an FTP server they control. Then their server returns a listing line that ends right after the timestamp. At that point, a whitespace-skipping loop misreads the string’s null byte. The quirk is subtle: the loop uses strchr to test whether each byte belongs to a whitespace set, and in C strchr treats a string’s terminating null as part of that string, so the search for the null byte succeeds instead of ending the loop. As a result, the pointer walks past the end of the buffer. Squid then copies stale heap data into the listing. That recycled buffer may still hold a victim’s HTTP request. So the proxy hands those bytes back to the attacker as a filename. You can read the full mechanism in the Calif.io research write-up.
What Gets Exposed
The leak only reaches traffic that Squid can read. Normal HTTPS rides an opaque CONNECT tunnel, so it stays hidden. Thus, only cleartext HTTP and TLS-terminating proxies face real risk. The attacker also needs the proxy to reach their FTP server on port 21. Squid enables both FTP and that port by default.
Affected Versions
Squidbleed affects every version of Squid in its default configuration. FTP support ships on by default, and port 21 sits in the default Safe_ports list. Because of that, most untouched installs are exposed right now. The parser bug has hidden in the code for nearly 29 years. Triggering it needs no special build flags.
Patch and Mitigation
The fix is a one-line null-terminator check before the parser calls strchr. Maintainers merged it into Squid’s branches during April and May 2026. The Squid 7.6 release arrived on June 8, and Debian’s maintainer notes the guard appears present there. However, the Squid project points to version 7.7 for the formal fix. So verify the patch inside FtpGateway.cc rather than trusting the version number. Distribution backports vary, so check your specific build. The safer move is to disable FTP entirely. Most networks carry almost no FTP traffic today, so turning it off removes the attack surface for free. As of June 22, 2026, no in-the-wild exploitation has been reported. Still, public proof-of-concept code now exists, so defenders should act quickly.
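To make the parser quirk and the one-line guard concrete, here is an added C example written for this article; it is an illustrative reconstruction of the pattern described above, not Squid's own FtpGateway.cc code. The names WS, RECYCLED, skip_ws_vulnerable, skip_ws_fixed and parse_listing are hypothetical, and the listing line plus the "stale" HTTP request bytes are constructed sample data kept inside one array so the over-read stays in bounds for the demo.

```c
#include <string.h>

/* Whitespace set the listing parser skips with strchr (hypothetical name). */
static const char WS[] = " \t";

/* Constructed stand-in for a recycled heap buffer: a listing line that ends
 * right after the timestamp, its terminating NUL, then stale bytes left by an
 * earlier user's HTTP request. The real bug walks off the allocation. */
static const char RECYCLED[] =
    "-rw-r--r-- 1 ftp ftp 42 Jun 22 12:00" "\0"
    "GET /login?session=abc123 HTTP/1.1\r\nCookie: sid=victim";

/* Vulnerable pattern: strchr(WS, '\0') matches WS's own terminator, so the
 * loop treats the line's NUL as whitespace and steps past the end of line. */
static const char *skip_ws_vulnerable(const char *p)
{
    while (strchr(WS, *p)) p++;
    return p;
}

/* Hardened pattern: the null-terminator check the fix adds before strchr. */
static const char *skip_ws_fixed(const char *p)
{
    while (*p != '\0' && strchr(WS, *p)) p++;
    return p;
}

/* Copy the "filename" that follows the timestamp into out and return its
 * length; after_ts points at the byte right after the timestamp. */
static size_t extract_filename(const char *after_ts, int hardened,
                               char *out, size_t outsz)
{
    const char *name = hardened ? skip_ws_fixed(after_ts)
                                : skip_ws_vulnerable(after_ts);
    size_t n = strcspn(name, "\r\n");      /* filename runs to end of line */
    if (n >= outsz) n = outsz - 1;
    memcpy(out, name, n);
    out[n] = '\0';
    return n;
}

/* Parse the constructed line with either loop. strlen stops at the embedded
 * NUL, so RECYCLED + strlen(RECYCLED) is the byte right after the timestamp.
 * hardened == 0 yields the stale request as the "filename"; 1 yields "". */
static size_t parse_listing(int hardened, char *out, size_t outsz)
{
    return extract_filename(RECYCLED + strlen(RECYCLED), hardened, out, outsz);
}
```

The same guard is what to look for when auditing a backported FtpGateway.cc: a test for the terminator before the whitespace lookup, not just a version string.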